08a41b0a31
Fix issue when target PID not owned by session
2016-02-09 21:22:50 -06:00
c590fdd443
Land #6501 , Added Dlink DCS Authenticated RCE Module
2016-02-09 17:19:33 -06:00
5f0add2a8b
Land #6541 , typo fix for cisco_ssl_vpn
2016-02-09 17:13:24 -06:00
240cbb91be
s/resp/res/
2016-02-09 17:12:09 -06:00
eadbb6b582
moved module to modules/auxiliary/dos/misc
2016-02-09 11:44:01 -06:00
1d6b782cc8
Change logic
...
I just can't deal with this "unless" syntax...
2016-02-08 18:40:48 -06:00
d60dcf72f9
Resolve #6546 , support manual config for X-Jenkins-CLI-Port
...
Resolve #6546
2016-02-08 18:16:48 -06:00
54566823f5
Add IBM TSM Fastback denial of service module
2016-02-08 14:36:14 -06:00
c0a8b01c2b
Addition of multiple read/write to auxiliary/scanner/scada/modbusclient.rb
2016-02-08 13:13:51 +01:00
cd7046f233
Change method name "method" to "http_method" for http_traversal.rb
...
We accidentally override "#method", which is bad.
2016-02-07 23:15:46 -06:00
40633ea7cd
Check filepath length
2016-02-08 01:11:18 +00:00
df825913b8
Use default timeout
2016-02-07 07:11:47 +00:00
e0e67f5507
Remove unnecessary check for FILEPATH
2016-02-07 02:05:15 +00:00
2171c344e5
Fix #6539 , correct a typo in report_cred
...
Fix #6539
2016-02-06 13:23:21 -06:00
4cea6c0236
Update ie_unsafe_scripting to use BrowserExploitServer
...
This patch updates the ie_unsafe_scripting exploit to use the
BrowserExploitServer mixin in order to implement a JavaScript check.
The JS check allows the exploit to determine whether or not it is
in the poorly configured zone before firing.
It also adds another datastore option to carefully avoid IEs that
come with Protected Mode enabled by default. This is even though
IE allows unsafe ActiveX, PM could still block the malicious VBS or
Powershell execution by showing a security prompt. This is not ideal
during BrowserAutopwn.
And finally, since BAP2 can automatically load this exploit, we
bump the MaxExploitCount to 22 to continue favoring the
adobe_flash_uncompress_zlib_uninitialized module to be on the
default list.
Resolves #6341 for the purpose of better user experience.
2016-02-04 15:12:57 -06:00
55c8d23e1f
Handle refused connections during axfr
2016-02-04 09:23:49 -08:00
52d81f7e93
More/better status printing for big query types
2016-02-04 09:18:26 -08:00
c025458d22
More consistent record type printing
2016-02-04 09:12:36 -08:00
c630f791c3
Remove loot storage from enum_dns. Loot is appropriate for this use case
2016-02-04 09:10:08 -08:00
4408742930
Fix storage of SRV record notes
2016-02-04 09:08:21 -08:00
b64294abc9
Create file for CERT VU 777024 (auth download)
2016-02-04 07:57:48 +08:00
1f4324f686
Create file for CERT VU 777024
2016-02-04 07:54:16 +08:00
cd86db2734
Update ssh_identify_pubkeys to support symbolic path names
2016-02-03 14:21:54 -08:00
53d4e31844
Allow OptPath to valid symbolic paths that need expansion
2016-02-03 14:12:03 -08:00
49beca4e40
Fix ssh_identify_pubkeys to accept keyfiles with authorized commands
...
Previously, something like this would fail:
command="/some/script.sh" ssh-rsa adsfadfa root@whatever
This format is valid authorized_keys and should work here too. It does
now.
2016-02-03 13:50:17 -08:00
dbcef2c755
Deregister unused options
2016-02-03 13:20:30 -08:00
ef75845d01
Better fetching/saving of SRV records
2016-02-03 13:07:20 -08:00
b979128a2e
Added OSVBD ID thanks to @shipcod3
2016-02-01 17:11:46 -06:00
47c0a3b4a7
Get some stragglers that had a different format
2016-02-01 16:21:10 -06:00
8094eb631b
Do the same for aux modules
2016-02-01 16:06:34 -06:00
12256a6423
Remove now-redundant peer
...
These all include either Msf::Exploit::Remote:Tcp or Msf::Exploit::Remote:HttpClient
2016-02-01 15:12:03 -06:00
f5ee6ce2f3
Better service reporting for snmp_login
...
Report the snmp string and update the module title & description
to better clarify what the module really does.
2016-02-01 12:24:19 -06:00
d544bf9311
android set wallpaper
2016-02-01 01:16:17 +00:00
96ab598835
set wallpaper
2016-02-01 01:01:24 +00:00
3d4b7af6bb
Update description
2016-01-30 14:35:03 -06:00
413ea53984
Add found flag and touchup code
2016-01-30 14:31:45 -06:00
3abb6feb3f
Add autoadd feature to autoroute.rb
2016-01-29 21:34:22 -06:00
cd56470759
Land #6493 , move SSL to the default options, other fixes
2016-01-29 11:09:51 -06:00
110a4840e9
Land #6491 , Shrink the size of ms08_067 so that it again works w/ bind_tcp
2016-01-29 11:03:03 -06:00
b049debef0
Fixes as recommended in the PR discussion.
2016-01-28 23:29:01 -08:00
6fb27a3da9
Undo path and move the out of bound check
2016-01-28 23:49:50 -06:00
d51be6e3da
Fixing typo
...
This commit fixes a typo in the word "service"
2016-01-28 16:44:42 -06:00
1749932bb4
Cleanup loot saving output
2016-01-28 14:16:47 -08:00
6646785902
Don't enumerate other possible domains via TLD expansion by default
2016-01-28 14:09:09 -08:00
86e7cd92c0
Minor style nit on printed NS records
2016-01-28 14:08:20 -08:00
1ef7aef996
Fixing User : Pass delimiter
...
As per the PR comments, this commit replaces the user and
pass delimiter from "/" to ":"
2016-01-27 17:20:58 -06:00
8af751be41
Land #6470 , Telisca IPS Lock (and Unlock)
2016-01-27 16:41:25 -06:00
86c025de25
Title and description fixes for #6470
2016-01-27 16:40:06 -06:00
f6f2e1403b
Land #6496 , specify scripting language - elastic search
2016-01-27 15:42:47 -06:00
51efb2daee
Land #6422 , Add support for native target in Android webview exploit
2016-01-27 14:27:41 -06:00
Josh Hale